Amidst increasing security protocols, hacking cell phones, particularly iOS and Android devices, has transformed into an incredibly costly endeavor. WhatsApp security exploits are now fetching millions of dollars in the underground market. Recently, a Russian company made headlines by offering a staggering $20 million for chains of bugs enabling remote compromise of both iOS and Android phones, with a specific focus on Russian private and government organizations.
This alarming trend is not limited to Russia alone. Beyond its borders, the prices for zero-day exploits have witnessed a significant surge. As of 2021, a zero-day exploit granting access to a target’s WhatsApp on Android, including message content, could fetch anywhere between $1.7 million and $8 million.
WhatsApp, in particular, has emerged as a prime target for government-sponsored hackers, often resorting to zero-day exploits. A notable instance occurred in 2019 when researchers uncovered the NSO Group utilizing a zero-day exploit to target WhatsApp users. In response, WhatsApp took legal action against NSO Group, alleging that the company facilitated the abuse of its platform.
In another incident in 2021, a company sold a “zero-click RCE” (Remote Code Execution) exploit in WhatsApp for approximately $1.7 million. This exploit allowed hackers to execute malicious code without any interaction from the target. It took advantage of a flaw in the image rendering library and was compatible with Android versions 9 to 11.
The inherent value of targeting WhatsApp lies in its capability to access a target’s chats without compromising the entire phone. However, it’s crucial to note that these WhatsApp security exploits can also serve as part of a chain attack, leading to further compromise of the victim’s device. Stay vigilant and informed, as cyber threats continue to evolve, and security remains paramount in the digital age.